vulnerability

April 12, 2018

THREAT RESEARCH

Vulnerability Spotlight: TALOS-2018-0529-531 – Multiple Vulnerabilities in NASA CFITSIO library

Vulnerabilities discovered by Tyler Bohan from Talos Overview Talos is disclosing three remote code execution vulnerabilities in the NASA CFITSIO library. CFITSIO is a library of C and Fortran subroutines...

April 11, 2018

THREAT RESEARCH

Vulnerability Spotlight: Multiple Simple DirectMedia Layer Vulnerabilities

Vulnerabilities identified in Simple DirectMedia Layer's SDL2_Image library could allow code execution. Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to audio, keyboard, mouse, joystick, and graphics hardware via OpenGL and Direct3D.

April 11, 2018

THREAT RESEARCH

Vulnerability Spotlight: Multiple Computerinsel PhotoLine PSD Code Execution Vulnerabilities

Cisco Talos discloses a vulnerability within the PSD-parsing functionality of Computerinsel Photoline, an image processing tool. PSD is a document format used by Adobe Photoshop and supported by many third-party applications.

April 4, 2018

THREAT RESEARCH

Vulnerability Spotlight: Natus NeuroWorks Multiple Vulnerabilities

Vulnerabilities discovered by Cory Duplantis from Talos Overview Talos has discovered multiple vulnerabilities in Natus NeuroWorks software. This software is used in the Natus Xltek EEG medical products from...

March 1, 2018

THREAT RESEARCH

Vulnerability Spotlight: Simple DirectMedia Layer’s SDL2_Image

Overview Talos is disclosing several vulnerabilities identified in Simple DirectMedia Layer's SDL2_Image library that could allow code execution. Simple DirectMedia Layer is a cross-platform development library designed to provide low...

March 1, 2018

THREAT RESEARCH

Vulnerability Spotlight: Dovecot out-of-bounds Read Vulnerability

Overview Today, Cisco Talos is disclosing a single out-of-bounds read vulnerability in the Dovecot IMAP server. Dovecot is a popular internet message access protocol, or IMAP, server...

February 5, 2018

SECURITY

Understanding the Attack Vectors of CVE-2018-0101 – Cisco ASA Remote Code Execution and Denial of Service Vulnerabilit …

On January 29, 2018, the Cisco PSIRT published a security advisory about a remote code execution and denial of service vulnerability affecting the Cisco ASA and Cisco Next-Generation Firewall platforms.

January 10, 2018

THREAT RESEARCH

Vulnerability Spotlight: Ruby Rails Gem XSS Vulnerabilities

Talos has discovered two XSS vulnerabilities in Ruby Rails Gems. Rails is a Ruby framework designed to create web services or web pages. Ruby Gems is a package manager for distributing software packages as ‘gems’. The two XSS vulnerabilities were discovered in two different gem packages: delayed_job_web and rails_admin. Ruby is widely used as a […]

January 9, 2018

THREAT RESEARCH

Vulnerability Spotlight: Multiple Vulnerabilities in the CPP and Parity Ethereum Client

Talos discloses vulnerabilities in CPP and Parity Ethereum clients: a denial of service vulnerability in libevm, plus a permissive cross-domain (CORS) whitelist policy vulnerability in the Ethereum Parity client.